1. What is Kiali?

Kiali provides answers to the questions: What are the microservices in my Istio service mesh, and how are they connected?

Figure 1. Kiali Graph

A Microservice Architecture breaks up the monolith into many smaller pieces that are composed together. Patterns to secure the communication between services like fault tolerance (via timeout, retry, circuit breaking, etc.) have come up as well as distributed tracing to be able to see where calls are going.

A service mesh can now provide these services on a platform level and frees the application writers from those tasks. Routing decisions are done at the mesh level.

Kiali works with Istio, in OpenShift or Kubernetes, to visualize the service mesh topology, to provide visibility into features like circuit breakers, request rates and more. It offers insights about the mesh components at different levels, from abstract Applications to Services and Workloads.

Kiali also includes Jaeger Tracing to provide distributed tracing out of the box.

2. What does it do?

2.1. Graph View

Kiali provides an interactive graph view of your namespace in real time, being able to display the interactions at several levels (applications, versions, workloads), with contextual information and charts on the selected graph node or edge.

Figure 2. Kiali Graph

2.2. Applications

The Applications menu entry shows all the applications running in our environment.

Figure 3. List of Applications

Kiali provides detailed information related to the application, such as its health or the list of its workloads.
The health summary comes with detailed information of multiple indicators in a tooltip.

Figure 4. Application Info

Kiali also displays Istio metrics associated with an application.

Figure 5. Application Metrics

2.3. Workloads

The Workloads menu entry shows the list of workloads with their health, error rate and labels validations.

Figure 6. List of Workloads

By selecting a workload, the related information is displayed along with the associated pods and services.

Figure 7. Workload Info

2.4. Services

The Services menu entry shows the list of services with their health and error rate.

When selecting a single service, its details page includes service ip, ports, endpoints, workloads, destination rules, virtual services and more details.

Inbound/outbound metrics are displayed for this service and a more detailed view is available in a linked Grafana dashboard.

Figure 8. Service Info

2.5. Istio Config

The Istio Config menu entry displays a list of all of the available Istio configuration objects that exist in the user’s environment.

Figure 9. List of Istio Configs

You can view, edit and delete the configuration yaml around a specific Istio object.

Figure 10. Istio Config View

Figure 11. Valid Configuration of Istio Config

Kiali will highlight configuration errors.

Figure 12. Invalid Configuration of Istio Config

2.6. Validations performed

This section lists all the validations that Kiali performs on all Istio configurations. Most of these validations are done in addition to/on top of the existing ones performed by Istio’s Galley component (except those marked as deprecated). Most validations are done inside a single namespace only, any exceptions (such as gateways) are marked below.

Table 1. List of destination rule validations

Validation message

Severity

Description

Source

Example

More than one Destination Rule for the same host subset combination

warning

Warning shown when two Destination Rules point to the same host and share one or more subsets. If non-local mTLS is enabled this check is ignored.

2.7. Istio Wizards

Kiali provides different actions to create, update and delete Istio configuration driven by Wizards.
These actions are located under Service Details page.

Figure 13. Service Details Actions

These actions are enabled by default.
Kiali can also be installed in "view only" mode to restrict any write operation on Istio configuration.
Check Kiali Operator CR to get more details about how to configure this option.

2.7.1. Weighted Routing Wizard

This wizard allows to select the percentage of traffic that will be routed to a specific Workload.

Figure 14. Weighted Routing Wizard

Kiali will create a pair of Istio resources (VirtualService and DestinationRule) with a single routing rule using the selected weights for the destination workloads.

2.7.2. Matching Routing Wizard

The Matching Routing Wizard allows to create multiple routing rules.

Every rule is composed by a Matching and a Routes section.

The Matching section can add multiple filters using HEADERS, URI, SCHEME, METHOD or AUTHORITY Http parameters.
The Matching section can be empty, on this case, any http request received is matched against this rule.

The Routes section can select one or multiple Workloads.

Istio applies routing rules in order, meaning that first rule that matches an HTTP request, it is responsible to perform the routing. The Matching Routing Wizard allows to change order of rules.

Figure 15. Matching Routing Wizard

In the same way that the previous Wizard, Kiali will create a pair of Istio resources mapping the routing rules defined into the generated VirtualService.

2.7.3. Suspend Traffic Wizard

This wizard helps user to stop partially or totally traffic for a service. It allows to define which workloads will receive traffic.

When traffic is suspended for all workloads, Istio will return an error code to any Service request.

Figure 16. Suspend Routing Wizard

When there is traffic for some workload, the wizard will map a weighted rule; when there is not traffic, an abort rule will be coded in the pair of Istio resources VirtualService and DestinationRule generated.

2.7.4. Advanced Options

All previous wizards have an "advanced options" section where user can define specific configuration for TLS and LoadBalancing.

Figure 17. Advanced options section

When mTLS is enabled by default in the global cluster or namespace this option is already preselected.